dongwei2882 2014-07-17 13:49
浏览 123
已采纳

laravel插入查询中的绑定参数

Using Laravel's query builder, I formed a database transaction with the following queries:

DB::transaction(function($map) {

    DB::connection('network')->table('Maps')
                              ->insert([
                                    'Name' => '?',
                                    'Gametype' => '?',
                                    'Author' => '?',
                                    'Enabled' => '?',
                                    'Public' => '?',
                                    'Required' => '?',
                                    'Image' => '?',
                                    'ReleaseDate' => '?',
                                    'ContactInfo' => '?',
                                ], [
                                    $map['name'], 
                                    $map['game'], 
                                    $map['creator'], 
                                    $map['enabled'], 
                                    $map['public'], 
                                    $map['required'], 
                                    $map['image-url'], 
                                    $map['released'], 
                                    $map['contact'],
                                ]); 

    DB::connection('website')->table('panel_logs')
                             ->insert([

                                    'message' => 'Added a new map to '. $map['game'] .' called '. $map['name'] .'.',
                                    'timestamp' => Carbon::now(),
                                    'tag' => 2,
                                    'username' => Auth::user()->username

                                ]);

});

The first query inserts data into a database using query bindings. I have an array called maps containing the data for the insert and I would like to bind on the values however it's not working because it's treating the second array as another insert. In the docs, they didn't provide an example of query binding using the builder. Would it be better just to insert the data without binding? Will this still protect me from SQL injection as I think Laravel uses prepared statements anyway with their builder. I just would like to make sure things don't go horribly wrong.

  • 写回答

1条回答 默认 最新

  • douyiyang6317 2014-07-17 14:08
    关注

    There are different insert methods on the Connection and query Builder classes.

    DB::connection('network') // this is Connection object
   ->table('Maps') // but now it's Query\Builder object

    Connection insert takes a query string as 1st param, and bindings as 2nd param, while the other one does the job for you (no need to bind anything manually).

    So what you need to do is simply this:

    DB::connection('network')->table('Maps')
  ->insert([
        'Name' => $maps['name'],
        'Gametype' => $maps['game'],
        ...
    ]);

    Builder will take care of preparing statement and binding its values.

    Also you need to change the transaction part a bit:

    DB::transaction(function($con) use ($map) {
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 关于#matlab#的问题:期望的系统闭环传递函数为G(s)=wn^2/s^2+2¢wn+wn^2阻尼系数¢=0.707,使系统具有较小的超调量
  • ¥15 FLUENT如何实现在堆积颗粒的上表面加载高斯热源
  • ¥30 截图中的mathematics程序转换成matlab
  • ¥15 动力学代码报错,维度不匹配
  • ¥15 Power query添加列问题
  • ¥50 Kubernetes&Fission&Eleasticsearch
  • ¥15 報錯:Person is not mapped,如何解決?
  • ¥15 c++头文件不能识别CDialog
  • ¥15 Excel发现不可读取的内容
  • ¥15 关于#stm32#的问题:CANOpen的PDO同步传输问题